Getting To File This Week’s Front Page Security Story Before Changing Out Of Your Pajamas: Priceless.

There are some vulnerabilities money can’t buy. For everything else: there’s the DNS.

Yeah, it would seem that Tom is impressed. One can guess at the issue here… it’s obviously not just dealing with randomization of source ports, but also with the weak entropy in the DNS transfer id (DNS XID). When Tom was impressed with Dowd’s paper on null pointer exploitation, I spent a week reading and then re-reading the paper tons of times to make sure I wasn’t getting duped. Maybe Dan will produce some serious fireworks for Black Hat this year, like he did for ToorCon Seattle. One thing seems to be clear, don’t doubt Deputy Dan (for those who didn’t know, Deputy Dan is the inside nickname given to Kaminsky by Microsoft employees who say he is pretty immovable once convince of a security issue) apply that patch ASAP.